Merge pull request #235 from hashicorp/f-gce

Google Compute Engine Provider
2014-08-26 14:53:27 -07:00 · 2014-08-26 14:53:27 -07:00 · 3934c1b106
parent b8b012633c 7d5a96278d
commit 3934c1b106
31 changed files with 2993 additions and 0 deletions
--- a/builtin/providers/google/config.go
+++ b/builtin/providers/google/config.go
@ -0,0 +1,123 @@
+package google
+
+import (
+	"encoding/json"
+	"fmt"
+	"log"
+	"net/http"
+	"os"
+
+	"code.google.com/p/goauth2/oauth"
+	"code.google.com/p/goauth2/oauth/jwt"
+	"code.google.com/p/google-api-go-client/compute/v1"
+)
+
+const clientScopes string = "https://www.googleapis.com/auth/compute"
+
+// Config is the configuration structure used to instantiate the Google
+// provider.
+type Config struct {
+	AccountFile       string
+	ClientSecretsFile string
+	Project           string
+	Region            string
+
+	clientCompute *compute.Service
+}
+
+func (c *Config) loadAndValidate() error {
+	var account accountFile
+	var secrets clientSecretsFile
+
+	// TODO: validation that it isn't blank
+	if c.AccountFile == "" {
+		c.AccountFile = os.Getenv("GOOGLE_ACCOUNT_FILE")
+	}
+	if c.ClientSecretsFile == "" {
+		c.ClientSecretsFile = os.Getenv("GOOGLE_CLIENT_FILE")
+	}
+	if c.Project == "" {
+		c.Project = os.Getenv("GOOGLE_PROJECT")
+	}
+	if c.Region == "" {
+		c.Region = os.Getenv("GOOGLE_REGION")
+	}
+
+	if err := loadJSON(&account, c.AccountFile); err != nil {
+		return fmt.Errorf(
+			"Error loading account file '%s': %s",
+			c.AccountFile,
+			err)
+	}
+
+	if err := loadJSON(&secrets, c.ClientSecretsFile); err != nil {
+		return fmt.Errorf(
+			"Error loading client secrets file '%s': %s",
+			c.ClientSecretsFile,
+			err)
+	}
+
+	// Get the token for use in our requests
+	log.Printf("[INFO] Requesting Google token...")
+	log.Printf("[INFO]   -- Email: %s", account.ClientEmail)
+	log.Printf("[INFO]   -- Scopes: %s", clientScopes)
+	log.Printf("[INFO]   -- Private Key Length: %d", len(account.PrivateKey))
+	log.Printf("[INFO]   -- Token URL: %s", secrets.Web.TokenURI)
+	jwtTok := jwt.NewToken(
+		account.ClientEmail,
+		clientScopes,
+		[]byte(account.PrivateKey))
+	jwtTok.ClaimSet.Aud = secrets.Web.TokenURI
+	token, err := jwtTok.Assert(new(http.Client))
+	if err != nil {
+		return fmt.Errorf("Error retrieving auth token: %s", err)
+	}
+
+	// Instantiate the transport to communicate to Google
+	transport := &oauth.Transport{
+		Config: &oauth.Config{
+			ClientId: account.ClientId,
+			Scope:    clientScopes,
+			TokenURL: secrets.Web.TokenURI,
+			AuthURL:  secrets.Web.AuthURI,
+		},
+		Token: token,
+	}
+
+	log.Printf("[INFO] Instantiating GCE client...")
+	c.clientCompute, err = compute.New(transport.Client())
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// accountFile represents the structure of the account file JSON file.
+type accountFile struct {
+	PrivateKeyId string `json:"private_key_id"`
+	PrivateKey   string `json:"private_key"`
+	ClientEmail  string `json:"client_email"`
+	ClientId     string `json:"client_id"`
+}
+
+// clientSecretsFile represents the structure of the client secrets JSON file.
+type clientSecretsFile struct {
+	Web struct {
+		AuthURI     string `json:"auth_uri"`
+		ClientEmail string `json:"client_email"`
+		ClientId    string `json:"client_id"`
+		TokenURI    string `json:"token_uri"`
+	}
+}
+
+func loadJSON(result interface{}, path string) error {
+	f, err := os.Open(path)
+	if err != nil {
+		return err
+	}
+	defer f.Close()
+
+	dec := json.NewDecoder(f)
+	return dec.Decode(result)
+}
--- a/builtin/providers/google/config_test.go
+++ b/builtin/providers/google/config_test.go
@ -0,0 +1,41 @@
+package google
+
+import (
+	"reflect"
+	"testing"
+)
+
+func TestConfigLoadJSON_account(t *testing.T) {
+	var actual accountFile
+	if err := loadJSON(&actual, "./test-fixtures/fake_account.json"); err != nil {
+		t.Fatalf("err: %s", err)
+	}
+
+	expected := accountFile{
+		PrivateKeyId: "foo",
+		PrivateKey:   "bar",
+		ClientEmail:  "foo@bar.com",
+		ClientId:     "id@foo.com",
+	}
+
+	if !reflect.DeepEqual(actual, expected) {
+		t.Fatalf("bad: %#v", actual)
+	}
+}
+
+func TestConfigLoadJSON_client(t *testing.T) {
+	var actual clientSecretsFile
+	if err := loadJSON(&actual, "./test-fixtures/fake_client.json"); err != nil {
+		t.Fatalf("err: %s", err)
+	}
+
+	var expected clientSecretsFile
+	expected.Web.AuthURI = "https://accounts.google.com/o/oauth2/auth"
+	expected.Web.ClientEmail = "foo@developer.gserviceaccount.com"
+	expected.Web.ClientId = "foo.apps.googleusercontent.com"
+	expected.Web.TokenURI = "https://accounts.google.com/o/oauth2/token"
+
+	if !reflect.DeepEqual(actual, expected) {
+		t.Fatalf("bad: %#v", actual)
+	}
+}
--- a/builtin/providers/google/image.go
+++ b/builtin/providers/google/image.go
@ -0,0 +1,43 @@
+package google
+
+import (
+	"strings"
+
+	"code.google.com/p/google-api-go-client/compute/v1"
+)
+
+// readImage finds the image with the given name.
+func readImage(c *Config, name string) (*compute.Image, error) {
+	// First, always try ourselves first.
+	image, err := c.clientCompute.Images.Get(c.Project, name).Do()
+	if err == nil && image != nil && image.SelfLink != "" {
+		return image, nil
+	}
+
+	// This is a map of names to the project name where a public image is
+	// hosted. GCE doesn't have an API to simply look up an image without
+	// a project so we do this jank thing.
+	imageMap := map[string]string{
+		"centos":   "centos-cloud",
+		"coreos":   "coreos-cloud",
+		"debian":   "debian-cloud",
+		"opensuse": "opensuse-cloud",
+		"rhel":     "rhel-cloud",
+		"sles":     "suse-cloud",
+	}
+
+	// If we match a lookup for an alternate project, then try that next.
+	// If not, we return the error.
+	var project string
+	for k, v := range imageMap {
+		if strings.Contains(name, k) {
+			project = v
+			break
+		}
+	}
+	if project == "" {
+		return nil, err
+	}
+
+	return c.clientCompute.Images.Get(project, name).Do()
+}
--- a/builtin/providers/google/operation.go
+++ b/builtin/providers/google/operation.go
@ -0,0 +1,79 @@
+package google
+
+import (
+	"bytes"
+	"fmt"
+
+	"code.google.com/p/google-api-go-client/compute/v1"
+	"github.com/hashicorp/terraform/helper/resource"
+)
+
+// OperationWaitType is an enum specifying what type of operation
+// we're waiting on.
+type OperationWaitType byte
+
+const (
+	OperationWaitInvalid OperationWaitType = iota
+	OperationWaitGlobal
+	OperationWaitRegion
+	OperationWaitZone
+)
+
+type OperationWaiter struct {
+	Service *compute.Service
+	Op      *compute.Operation
+	Project string
+	Region  string
+	Zone    string
+	Type    OperationWaitType
+}
+
+func (w *OperationWaiter) RefreshFunc() resource.StateRefreshFunc {
+	return func() (interface{}, string, error) {
+		var op *compute.Operation
+		var err error
+
+		switch w.Type {
+		case OperationWaitGlobal:
+			op, err = w.Service.GlobalOperations.Get(
+				w.Project, w.Op.Name).Do()
+		case OperationWaitRegion:
+			op, err = w.Service.RegionOperations.Get(
+				w.Project, w.Region, w.Op.Name).Do()
+		case OperationWaitZone:
+			op, err = w.Service.ZoneOperations.Get(
+				w.Project, w.Zone, w.Op.Name).Do()
+		default:
+			return nil, "bad-type", fmt.Errorf(
+				"Invalid wait type: %#v", w.Type)
+		}
+
+		if err != nil {
+			return nil, "", err
+		}
+
+		return op, op.Status, nil
+	}
+}
+
+func (w *OperationWaiter) Conf() *resource.StateChangeConf {
+	return &resource.StateChangeConf{
+		Pending: []string{"PENDING", "RUNNING"},
+		Target:  "DONE",
+		Refresh: w.RefreshFunc(),
+	}
+}
+
+// OperationError wraps compute.OperationError and implements the
+// error interface so it can be returned.
+type OperationError compute.OperationError
+
+func (e OperationError) Error() string {
+	var buf bytes.Buffer
+
+	for _, err := range e.Errors {
+		buf.WriteString(err.Message + "\n")
+	}
+
+	return buf.String()
+}
--- a/builtin/providers/google/provider.go
+++ b/builtin/providers/google/provider.go
@ -0,0 +1,58 @@
+package google
+
+import (
+	"github.com/hashicorp/terraform/helper/schema"
+)
+
+// Provider returns a terraform.ResourceProvider.
+func Provider() *schema.Provider {
+	return &schema.Provider{
+		Schema: map[string]*schema.Schema{
+			"account_file": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+			},
+
+			"client_secrets_file": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+			},
+
+			"project": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+			},
+
+			"region": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+			},
+		},
+
+		ResourcesMap: map[string]*schema.Resource{
+			"google_compute_address":  resourceComputeAddress(),
+			"google_compute_disk":     resourceComputeDisk(),
+			"google_compute_firewall": resourceComputeFirewall(),
+			"google_compute_instance": resourceComputeInstance(),
+			"google_compute_network":  resourceComputeNetwork(),
+			"google_compute_route":    resourceComputeRoute(),
+		},
+
+		ConfigureFunc: providerConfigure,
+	}
+}
+
+func providerConfigure(d *schema.ResourceData) (interface{}, error) {
+	config := Config{
+		AccountFile:       d.Get("account_file").(string),
+		ClientSecretsFile: d.Get("client_secrets_file").(string),
+		Project:           d.Get("project").(string),
+		Region:            d.Get("region").(string),
+	}
+
+	if err := config.loadAndValidate(); err != nil {
+		return nil, err
+	}
+
+	return &config, nil
+}
--- a/builtin/providers/google/provider_test.go
+++ b/builtin/providers/google/provider_test.go
@ -0,0 +1,39 @@
+package google
+
+import (
+	"os"
+	"testing"
+
+	"github.com/hashicorp/terraform/helper/schema"
+	"github.com/hashicorp/terraform/terraform"
+)
+
+var testAccProviders map[string]terraform.ResourceProvider
+var testAccProvider *schema.Provider
+
+func init() {
+	testAccProvider = Provider()
+	testAccProviders = map[string]terraform.ResourceProvider{
+		"google": testAccProvider,
+	}
+}
+
+func TestProvider(t *testing.T) {
+	if err := Provider().InternalValidate(); err != nil {
+		t.Fatalf("err: %s", err)
+	}
+}
+
+func TestProvider_impl(t *testing.T) {
+	var _ terraform.ResourceProvider = Provider()
+}
+
+func testAccPreCheck(t *testing.T) {
+	if v := os.Getenv("GOOGLE_ACCOUNT_FILE"); v == "" {
+		t.Fatal("GOOGLE_ACCOUNT_FILE must be set for acceptance tests")
+	}
+
+	if v := os.Getenv("GOOGLE_CLIENT_FILE"); v == "" {
+		t.Fatal("GOOGLE_CLIENT_FILE must be set for acceptance tests")
+	}
+}
--- a/builtin/providers/google/resource_compute_address.go
+++ b/builtin/providers/google/resource_compute_address.go
@ -0,0 +1,130 @@
+package google
+
+import (
+	"fmt"
+	"log"
+	"time"
+
+	"code.google.com/p/google-api-go-client/compute/v1"
+	"code.google.com/p/google-api-go-client/googleapi"
+	"github.com/hashicorp/terraform/helper/schema"
+)
+
+func resourceComputeAddress() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceComputeAddressCreate,
+		Read:   resourceComputeAddressRead,
+		Delete: resourceComputeAddressDelete,
+
+		Schema: map[string]*schema.Schema{
+			"name": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+
+			"address": &schema.Schema{
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+		},
+	}
+}
+
+func resourceComputeAddressCreate(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*Config)
+
+	// Build the address parameter
+	addr := &compute.Address{Name: d.Get("name").(string)}
+	log.Printf("[DEBUG] Address insert request: %#v", addr)
+	op, err := config.clientCompute.Addresses.Insert(
+		config.Project, config.Region, addr).Do()
+	if err != nil {
+		return fmt.Errorf("Error creating address: %s", err)
+	}
+
+	// It probably maybe worked, so store the ID now
+	d.SetId(addr.Name)
+
+	// Wait for the operation to complete
+	w := &OperationWaiter{
+		Service: config.clientCompute,
+		Op:      op,
+		Project: config.Project,
+		Region:  config.Region,
+		Type:    OperationWaitRegion,
+	}
+	state := w.Conf()
+	state.Timeout = 2 * time.Minute
+	state.MinTimeout = 1 * time.Second
+	opRaw, err := state.WaitForState()
+	if err != nil {
+		return fmt.Errorf("Error waiting for address to create: %s", err)
+	}
+	op = opRaw.(*compute.Operation)
+	if op.Error != nil {
+		// The resource didn't actually create
+		d.SetId("")
+
+		// Return the error
+		return OperationError(*op.Error)
+	}
+
+	return resourceComputeAddressRead(d, meta)
+}
+
+func resourceComputeAddressRead(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*Config)
+
+	addr, err := config.clientCompute.Addresses.Get(
+		config.Project, config.Region, d.Id()).Do()
+	if err != nil {
+		if gerr, ok := err.(*googleapi.Error); ok && gerr.Code == 404 {
+			// The resource doesn't exist anymore
+			d.SetId("")
+
+			return nil
+		}
+
+		return fmt.Errorf("Error reading address: %s", err)
+	}
+
+	d.Set("address", addr.Address)
+
+	return nil
+}
+
+func resourceComputeAddressDelete(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*Config)
+
+	// Delete the address
+	op, err := config.clientCompute.Addresses.Delete(
+		config.Project, config.Region, d.Id()).Do()
+	if err != nil {
+		return fmt.Errorf("Error deleting address: %s", err)
+	}
+
+	// Wait for the operation to complete
+	w := &OperationWaiter{
+		Service: config.clientCompute,
+		Op:      op,
+		Project: config.Project,
+		Region:  config.Region,
+		Type:    OperationWaitRegion,
+	}
+	state := w.Conf()
+	state.Timeout = 2 * time.Minute
+	state.MinTimeout = 1 * time.Second
+	opRaw, err := state.WaitForState()
+	if err != nil {
+		return fmt.Errorf("Error waiting for address to delete: %s", err)
+	}
+	op = opRaw.(*compute.Operation)
+	if op.Error != nil {
+		// Return the error
+		return OperationError(*op.Error)
+	}
+
+	d.SetId("")
+	return nil
+}
--- a/builtin/providers/google/resource_compute_address_test.go
+++ b/builtin/providers/google/resource_compute_address_test.go
@ -0,0 +1,81 @@
+package google
+
+import (
+	"fmt"
+	"testing"
+
+	"code.google.com/p/google-api-go-client/compute/v1"
+	"github.com/hashicorp/terraform/helper/resource"
+	"github.com/hashicorp/terraform/terraform"
+)
+
+func TestAccComputeAddress_basic(t *testing.T) {
+	var addr compute.Address
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckComputeAddressDestroy,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testAccComputeAddress_basic,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckComputeAddressExists(
+						"google_compute_address.foobar", &addr),
+				),
+			},
+		},
+	})
+}
+
+func testAccCheckComputeAddressDestroy(s *terraform.State) error {
+	config := testAccProvider.Meta().(*Config)
+
+	for _, rs := range s.Resources {
+		if rs.Type != "google_compute_address" {
+			continue
+		}
+
+		_, err := config.clientCompute.Addresses.Get(
+			config.Project, config.Region, rs.ID).Do()
+		if err == nil {
+			return fmt.Errorf("Address still exists")
+		}
+	}
+
+	return nil
+}
+
+func testAccCheckComputeAddressExists(n string, addr *compute.Address) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		rs, ok := s.Resources[n]
+		if !ok {
+			return fmt.Errorf("Not found: %s", n)
+		}
+
+		if rs.ID == "" {
+			return fmt.Errorf("No ID is set")
+		}
+
+		config := testAccProvider.Meta().(*Config)
+
+		found, err := config.clientCompute.Addresses.Get(
+			config.Project, config.Region, rs.ID).Do()
+		if err != nil {
+			return err
+		}
+
+		if found.Name != rs.ID {
+			return fmt.Errorf("Addr not found")
+		}
+
+		*addr = *found
+
+		return nil
+	}
+}
+
+const testAccComputeAddress_basic = `
+resource "google_compute_address" "foobar" {
+	name = "terraform-test"
+}`
--- a/builtin/providers/google/resource_compute_disk.go
+++ b/builtin/providers/google/resource_compute_disk.go
@ -0,0 +1,157 @@
+package google
+
+import (
+	"fmt"
+	"log"
+	"time"
+
+	"code.google.com/p/google-api-go-client/compute/v1"
+	"code.google.com/p/google-api-go-client/googleapi"
+	"github.com/hashicorp/terraform/helper/schema"
+)
+
+func resourceComputeDisk() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceComputeDiskCreate,
+		Read:   resourceComputeDiskRead,
+		Delete: resourceComputeDiskDelete,
+
+		Schema: map[string]*schema.Schema{
+			"name": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+
+			"zone": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+
+			"image": &schema.Schema{
+				Type:     schema.TypeString,
+				Optional: true,
+				ForceNew: true,
+			},
+
+			"size": &schema.Schema{
+				Type:     schema.TypeInt,
+				Optional: true,
+				ForceNew: true,
+			},
+		},
+	}
+}
+
+func resourceComputeDiskCreate(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*Config)
+
+	// Build the disk parameter
+	disk := &compute.Disk{
+		Name:   d.Get("name").(string),
+		SizeGb: int64(d.Get("size").(int)),
+	}
+
+	// If we were given a source image, load that.
+	if v, ok := d.GetOk("image"); ok {
+		log.Printf("[DEBUG] Loading image: %s", v.(string))
+		image, err := readImage(config, v.(string))
+		if err != nil {
+			return fmt.Errorf(
+				"Error loading image '%s': %s",
+				v.(string), err)
+		}
+
+		disk.SourceImage = image.SelfLink
+	}
+
+	op, err := config.clientCompute.Disks.Insert(
+		config.Project, d.Get("zone").(string), disk).Do()
+	if err != nil {
+		return fmt.Errorf("Error creating disk: %s", err)
+	}
+
+	// It probably maybe worked, so store the ID now
+	d.SetId(disk.Name)
+
+	// Wait for the operation to complete
+	w := &OperationWaiter{
+		Service: config.clientCompute,
+		Op:      op,
+		Project: config.Project,
+		Zone:    d.Get("zone").(string),
+		Type:    OperationWaitZone,
+	}
+	state := w.Conf()
+	state.Timeout = 2 * time.Minute
+	state.MinTimeout = 1 * time.Second
+	opRaw, err := state.WaitForState()
+	if err != nil {
+		return fmt.Errorf("Error waiting for disk to create: %s", err)
+	}
+	op = opRaw.(*compute.Operation)
+	if op.Error != nil {
+		// The resource didn't actually create
+		d.SetId("")
+
+		// Return the error
+		return OperationError(*op.Error)
+	}
+
+	return resourceComputeDiskRead(d, meta)
+}
+
+func resourceComputeDiskRead(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*Config)
+
+	_, err := config.clientCompute.Disks.Get(
+		config.Project, d.Get("zone").(string), d.Id()).Do()
+	if err != nil {
+		if gerr, ok := err.(*googleapi.Error); ok && gerr.Code == 404 {
+			// The resource doesn't exist anymore
+			d.SetId("")
+
+			return nil
+		}
+
+		return fmt.Errorf("Error reading disk: %s", err)
+	}
+
+	return nil
+}
+
+func resourceComputeDiskDelete(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*Config)
+
+	// Delete the disk
+	op, err := config.clientCompute.Disks.Delete(
+		config.Project, d.Get("zone").(string), d.Id()).Do()
+	if err != nil {
+		return fmt.Errorf("Error deleting disk: %s", err)
+	}
+
+	// Wait for the operation to complete
+	w := &OperationWaiter{
+		Service: config.clientCompute,
+		Op:      op,
+		Project: config.Project,
+		Zone:    d.Get("zone").(string),
+		Type:    OperationWaitZone,
+	}
+	state := w.Conf()
+	state.Timeout = 2 * time.Minute
+	state.MinTimeout = 1 * time.Second
+	opRaw, err := state.WaitForState()
+	if err != nil {
+		return fmt.Errorf("Error waiting for disk to delete: %s", err)
+	}
+	op = opRaw.(*compute.Operation)
+	if op.Error != nil {
+		// Return the error
+		return OperationError(*op.Error)
+	}
+
+	d.SetId("")
+	return nil
+}
--- a/builtin/providers/google/resource_compute_disk_test.go
+++ b/builtin/providers/google/resource_compute_disk_test.go
@ -0,0 +1,84 @@
+package google
+
+import (
+	"fmt"
+	"testing"
+
+	"code.google.com/p/google-api-go-client/compute/v1"
+	"github.com/hashicorp/terraform/helper/resource"
+	"github.com/hashicorp/terraform/terraform"
+)
+
+func TestAccComputeDisk_basic(t *testing.T) {
+	var disk compute.Disk
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckComputeDiskDestroy,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testAccComputeDisk_basic,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckComputeDiskExists(
+						"google_compute_disk.foobar", &disk),
+				),
+			},
+		},
+	})
+}
+
+func testAccCheckComputeDiskDestroy(s *terraform.State) error {
+	config := testAccProvider.Meta().(*Config)
+
+	for _, rs := range s.Resources {
+		if rs.Type != "google_compute_disk" {
+			continue
+		}
+
+		_, err := config.clientCompute.Disks.Get(
+			config.Project, rs.Attributes["zone"], rs.ID).Do()
+		if err == nil {
+			return fmt.Errorf("Disk still exists")
+		}
+	}
+
+	return nil
+}
+
+func testAccCheckComputeDiskExists(n string, disk *compute.Disk) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		rs, ok := s.Resources[n]
+		if !ok {
+			return fmt.Errorf("Not found: %s", n)
+		}
+
+		if rs.ID == "" {
+			return fmt.Errorf("No ID is set")
+		}
+
+		config := testAccProvider.Meta().(*Config)
+
+		found, err := config.clientCompute.Disks.Get(
+			config.Project, rs.Attributes["zone"], rs.ID).Do()
+		if err != nil {
+			return err
+		}
+
+		if found.Name != rs.ID {
+			return fmt.Errorf("Disk not found")
+		}
+
+		*disk = *found
+
+		return nil
+	}
+}
+
+const testAccComputeDisk_basic = `
+resource "google_compute_disk" "foobar" {
+	name = "terraform-test"
+	image = "debian-7-wheezy-v20140814"
+	size = 50
+	zone = "us-central1-a"
+}`
--- a/builtin/providers/google/resource_compute_firewall.go
+++ b/builtin/providers/google/resource_compute_firewall.go
@ -0,0 +1,292 @@
+package google
+
+import (
+	"bytes"
+	"fmt"
+	"sort"
+	"time"
+
+	"code.google.com/p/google-api-go-client/compute/v1"
+	"code.google.com/p/google-api-go-client/googleapi"
+	"github.com/hashicorp/terraform/helper/hashcode"
+	"github.com/hashicorp/terraform/helper/schema"
+)
+
+func resourceComputeFirewall() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceComputeFirewallCreate,
+		Read:   resourceComputeFirewallRead,
+		Update: resourceComputeFirewallUpdate,
+		Delete: resourceComputeFirewallDelete,
+
+		Schema: map[string]*schema.Schema{
+			"name": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+
+			"network": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+
+			"allow": &schema.Schema{
+				Type:     schema.TypeSet,
+				Required: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"protocol": &schema.Schema{
+							Type:     schema.TypeString,
+							Required: true,
+						},
+
+						"ports": &schema.Schema{
+							Type:     schema.TypeSet,
+							Optional: true,
+							Elem:     &schema.Schema{Type: schema.TypeString},
+							Set: func(v interface{}) int {
+								return hashcode.String(v.(string))
+							},
+						},
+					},
+				},
+				Set: resourceComputeFirewallAllowHash,
+			},
+
+			"source_ranges": &schema.Schema{
+				Type:     schema.TypeSet,
+				Optional: true,
+				Elem:     &schema.Schema{Type: schema.TypeString},
+				Set: func(v interface{}) int {
+					return hashcode.String(v.(string))
+				},
+			},
+
+			"source_tags": &schema.Schema{
+				Type:     schema.TypeSet,
+				Optional: true,
+				Elem:     &schema.Schema{Type: schema.TypeString},
+				Set: func(v interface{}) int {
+					return hashcode.String(v.(string))
+				},
+			},
+		},
+	}
+}
+
+func resourceComputeFirewallAllowHash(v interface{}) int {
+	var buf bytes.Buffer
+	m := v.(map[string]interface{})
+	buf.WriteString(fmt.Sprintf("%s-", m["protocol"].(string)))
+
+	// We need to make sure to sort the strings below so that we always
+	// generate the same hash code no matter what is in the set.
+	if v, ok := m["ports"]; ok {
+		vs := v.(*schema.Set).List()
+		s := make([]string, len(vs))
+		for i, raw := range vs {
+			s[i] = raw.(string)
+		}
+		sort.Strings(s)
+
+		for _, v := range s {
+			buf.WriteString(fmt.Sprintf("%s-", v))
+		}
+	}
+
+	return hashcode.String(buf.String())
+}
+
+func resourceComputeFirewallCreate(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*Config)
+
+	firewall, err := resourceFirewall(d, meta)
+	if err != nil {
+		return err
+	}
+
+	op, err := config.clientCompute.Firewalls.Insert(
+		config.Project, firewall).Do()
+	if err != nil {
+		return fmt.Errorf("Error creating firewall: %s", err)
+	}
+
+	// It probably maybe worked, so store the ID now
+	d.SetId(firewall.Name)
+
+	// Wait for the operation to complete
+	w := &OperationWaiter{
+		Service: config.clientCompute,
+		Op:      op,
+		Project: config.Project,
+		Type:    OperationWaitGlobal,
+	}
+	state := w.Conf()
+	state.Timeout = 2 * time.Minute
+	state.MinTimeout = 1 * time.Second
+	opRaw, err := state.WaitForState()
+	if err != nil {
+		return fmt.Errorf("Error waiting for firewall to create: %s", err)
+	}
+	op = opRaw.(*compute.Operation)
+	if op.Error != nil {
+		// The resource didn't actually create
+		d.SetId("")
+
+		// Return the error
+		return OperationError(*op.Error)
+	}
+
+	return resourceComputeFirewallRead(d, meta)
+}
+
+func resourceComputeFirewallRead(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*Config)
+
+	_, err := config.clientCompute.Firewalls.Get(
+		config.Project, d.Id()).Do()
+	if err != nil {
+		if gerr, ok := err.(*googleapi.Error); ok && gerr.Code == 404 {
+			// The resource doesn't exist anymore
+			d.SetId("")
+
+			return nil
+		}
+
+		return fmt.Errorf("Error reading firewall: %s", err)
+	}
+
+	return nil
+}
+
+func resourceComputeFirewallUpdate(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*Config)
+
+	firewall, err := resourceFirewall(d, meta)
+	if err != nil {
+		return err
+	}
+
+	op, err := config.clientCompute.Firewalls.Update(
+		config.Project, d.Id(), firewall).Do()
+	if err != nil {
+		return fmt.Errorf("Error updating firewall: %s", err)
+	}
+
+	// Wait for the operation to complete
+	w := &OperationWaiter{
+		Service: config.clientCompute,
+		Op:      op,
+		Project: config.Project,
+		Type:    OperationWaitGlobal,
+	}
+	state := w.Conf()
+	state.Timeout = 2 * time.Minute
+	state.MinTimeout = 1 * time.Second
+	opRaw, err := state.WaitForState()
+	if err != nil {
+		return fmt.Errorf("Error waiting for firewall to update: %s", err)
+	}
+	op = opRaw.(*compute.Operation)
+	if op.Error != nil {
+		// Return the error
+		return OperationError(*op.Error)
+	}
+
+	return resourceComputeFirewallRead(d, meta)
+}
+
+func resourceComputeFirewallDelete(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*Config)
+
+	// Delete the firewall
+	op, err := config.clientCompute.Firewalls.Delete(
+		config.Project, d.Id()).Do()
+	if err != nil {
+		return fmt.Errorf("Error deleting firewall: %s", err)
+	}
+
+	// Wait for the operation to complete
+	w := &OperationWaiter{
+		Service: config.clientCompute,
+		Op:      op,
+		Project: config.Project,
+		Type:    OperationWaitGlobal,
+	}
+	state := w.Conf()
+	state.Timeout = 2 * time.Minute
+	state.MinTimeout = 1 * time.Second
+	opRaw, err := state.WaitForState()
+	if err != nil {
+		return fmt.Errorf("Error waiting for firewall to delete: %s", err)
+	}
+	op = opRaw.(*compute.Operation)
+	if op.Error != nil {
+		// Return the error
+		return OperationError(*op.Error)
+	}
+
+	d.SetId("")
+	return nil
+}
+
+func resourceFirewall(
+	d *schema.ResourceData,
+	meta interface{}) (*compute.Firewall, error) {
+	config := meta.(*Config)
+
+	// Look up the network to attach the firewall to
+	network, err := config.clientCompute.Networks.Get(
+		config.Project, d.Get("network").(string)).Do()
+	if err != nil {
+		return nil, fmt.Errorf("Error reading network: %s", err)
+	}
+
+	// Build up the list of allowed entries
+	var allowed []*compute.FirewallAllowed
+	if v := d.Get("allow").(*schema.Set); v.Len() > 0 {
+		allowed = make([]*compute.FirewallAllowed, 0, v.Len())
+		for _, v := range v.List() {
+			m := v.(map[string]interface{})
+
+			var ports []string
+			if v := m["ports"].(*schema.Set); v.Len() > 0 {
+				ports = make([]string, v.Len())
+				for i, v := range v.List() {
+					ports[i] = v.(string)
+				}
+			}
+
+			allowed = append(allowed, &compute.FirewallAllowed{
+				IPProtocol: m["protocol"].(string),
+				Ports:      ports,
+			})
+		}
+	}
+
+	// Build up the list of sources
+	var sourceRanges, sourceTags []string
+	if v := d.Get("source_ranges").(*schema.Set); v.Len() > 0 {
+		sourceRanges = make([]string, v.Len())
+		for i, v := range v.List() {
+			sourceRanges[i] = v.(string)
+		}
+	}
+	if v := d.Get("source_tags").(*schema.Set); v.Len() > 0 {
+		sourceTags = make([]string, v.Len())
+		for i, v := range v.List() {
+			sourceTags[i] = v.(string)
+		}
+	}
+
+	// Build the firewall parameter
+	return &compute.Firewall{
+		Name:         d.Get("name").(string),
+		Network:      network.SelfLink,
+		Allowed:      allowed,
+		SourceRanges: sourceRanges,
+		SourceTags:   sourceTags,
+	}, nil
+}
--- a/builtin/providers/google/resource_compute_firewall_test.go
+++ b/builtin/providers/google/resource_compute_firewall_test.go
@ -0,0 +1,152 @@
+package google
+
+import (
+	"fmt"
+	"testing"
+
+	"code.google.com/p/google-api-go-client/compute/v1"
+	"github.com/hashicorp/terraform/helper/resource"
+	"github.com/hashicorp/terraform/terraform"
+)
+
+func TestAccComputeFirewall_basic(t *testing.T) {
+	var firewall compute.Firewall
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckComputeFirewallDestroy,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testAccComputeFirewall_basic,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckComputeFirewallExists(
+						"google_compute_firewall.foobar", &firewall),
+				),
+			},
+		},
+	})
+}
+
+func TestAccComputeFirewall_update(t *testing.T) {
+	var firewall compute.Firewall
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckComputeFirewallDestroy,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testAccComputeFirewall_basic,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckComputeFirewallExists(
+						"google_compute_firewall.foobar", &firewall),
+				),
+			},
+			resource.TestStep{
+				Config: testAccComputeFirewall_update,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckComputeFirewallExists(
+						"google_compute_firewall.foobar", &firewall),
+					testAccCheckComputeFirewallPorts(
+						&firewall, "80-255"),
+				),
+			},
+		},
+	})
+}
+
+func testAccCheckComputeFirewallDestroy(s *terraform.State) error {
+	config := testAccProvider.Meta().(*Config)
+
+	for _, rs := range s.Resources {
+		if rs.Type != "google_compute_firewall" {
+			continue
+		}
+
+		_, err := config.clientCompute.Firewalls.Get(
+			config.Project, rs.ID).Do()
+		if err == nil {
+			return fmt.Errorf("Firewall still exists")
+		}
+	}
+
+	return nil
+}
+
+func testAccCheckComputeFirewallExists(n string, firewall *compute.Firewall) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		rs, ok := s.Resources[n]
+		if !ok {
+			return fmt.Errorf("Not found: %s", n)
+		}
+
+		if rs.ID == "" {
+			return fmt.Errorf("No ID is set")
+		}
+
+		config := testAccProvider.Meta().(*Config)
+
+		found, err := config.clientCompute.Firewalls.Get(
+			config.Project, rs.ID).Do()
+		if err != nil {
+			return err
+		}
+
+		if found.Name != rs.ID {
+			return fmt.Errorf("Firewall not found")
+		}
+
+		*firewall = *found
+
+		return nil
+	}
+}
+
+func testAccCheckComputeFirewallPorts(
+	firewall *compute.Firewall, ports string) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		if len(firewall.Allowed) == 0 {
+			return fmt.Errorf("no allowed rules")
+		}
+
+		if firewall.Allowed[0].Ports[0] != ports {
+			return fmt.Errorf("bad: %#v", firewall.Allowed[0].Ports)
+		}
+
+		return nil
+	}
+}
+
+const testAccComputeFirewall_basic = `
+resource "google_compute_network" "foobar" {
+	name = "terraform-test"
+	ipv4_range = "10.0.0.0/16"
+}
+
+resource "google_compute_firewall" "foobar" {
+	name = "terraform-test"
+	network = "${google_compute_network.foobar.name}"
+	source_tags = ["foo"]
+
+	allow {
+		protocol = "icmp"
+	}
+}`
+
+const testAccComputeFirewall_update = `
+resource "google_compute_network" "foobar" {
+	name = "terraform-test"
+	ipv4_range = "10.0.0.0/16"
+}
+
+resource "google_compute_firewall" "foobar" {
+	name = "terraform-test"
+	network = "${google_compute_network.foobar.name}"
+	source_tags = ["foo"]
+
+	allow {
+		protocol = "tcp"
+		ports = ["80-255"]
+	}
+}`
--- a/builtin/providers/google/resource_compute_instance.go
+++ b/builtin/providers/google/resource_compute_instance.go
@ -0,0 +1,462 @@
+package google
+
+import (
+	"fmt"
+	"log"
+	"time"
+
+	"code.google.com/p/google-api-go-client/compute/v1"
+	"code.google.com/p/google-api-go-client/googleapi"
+	"github.com/hashicorp/terraform/helper/hashcode"
+	"github.com/hashicorp/terraform/helper/schema"
+)
+
+func resourceComputeInstance() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceComputeInstanceCreate,
+		Read:   resourceComputeInstanceRead,
+		Update: resourceComputeInstanceUpdate,
+		Delete: resourceComputeInstanceDelete,
+
+		Schema: map[string]*schema.Schema{
+			"name": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+
+			"description": &schema.Schema{
+				Type:     schema.TypeString,
+				Optional: true,
+				ForceNew: true,
+			},
+
+			"machine_type": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+
+			"zone": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+
+			"disk": &schema.Schema{
+				Type:     schema.TypeList,
+				Required: true,
+				ForceNew: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						// TODO(mitchellh): one of image or disk is required
+
+						"disk": &schema.Schema{
+							Type:     schema.TypeString,
+							Optional: true,
+						},
+
+						"image": &schema.Schema{
+							Type:     schema.TypeString,
+							Optional: true,
+						},
+					},
+				},
+			},
+
+			"network": &schema.Schema{
+				Type:     schema.TypeList,
+				Required: true,
+				ForceNew: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"source": &schema.Schema{
+							Type:     schema.TypeString,
+							Required: true,
+						},
+
+						"address": &schema.Schema{
+							Type:     schema.TypeString,
+							Optional: true,
+						},
+
+						"name": &schema.Schema{
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+
+						"internal_address": &schema.Schema{
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+					},
+				},
+			},
+
+			"metadata": &schema.Schema{
+				Type:     schema.TypeList,
+				Optional: true,
+				Elem: &schema.Schema{
+					Type: schema.TypeMap,
+				},
+			},
+
+			"tags": &schema.Schema{
+				Type:     schema.TypeSet,
+				Optional: true,
+				Elem:     &schema.Schema{Type: schema.TypeString},
+				Set: func(v interface{}) int {
+					return hashcode.String(v.(string))
+				},
+			},
+
+			"metadata_fingerprint": &schema.Schema{
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+
+			"tags_fingerprint": &schema.Schema{
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+		},
+	}
+}
+
+func resourceComputeInstanceCreate(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*Config)
+
+	// Get the zone
+	log.Printf("[DEBUG] Loading zone: %s", d.Get("zone").(string))
+	zone, err := config.clientCompute.Zones.Get(
+		config.Project, d.Get("zone").(string)).Do()
+	if err != nil {
+		return fmt.Errorf(
+			"Error loading zone '%s': %s", d.Get("zone").(string), err)
+	}
+
+	// Get the machine type
+	log.Printf("[DEBUG] Loading machine type: %s", d.Get("machine_type").(string))
+	machineType, err := config.clientCompute.MachineTypes.Get(
+		config.Project, zone.Name, d.Get("machine_type").(string)).Do()
+	if err != nil {
+		return fmt.Errorf(
+			"Error loading machine type: %s",
+			err)
+	}
+
+	// Build up the list of disks
+	disksCount := d.Get("disk.#").(int)
+	disks := make([]*compute.AttachedDisk, 0, disksCount)
+	for i := 0; i < disksCount; i++ {
+		prefix := fmt.Sprintf("disk.%d", i)
+
+		var sourceLink string
+
+		// Load up the disk for this disk if specified
+		if v, ok := d.GetOk(prefix + ".disk"); ok {
+			diskName := v.(string)
+			disk, err := config.clientCompute.Disks.Get(
+				config.Project, zone.Name, diskName).Do()
+			if err != nil {
+				return fmt.Errorf(
+					"Error loading disk '%s': %s",
+					diskName, err)
+			}
+
+			sourceLink = disk.SelfLink
+		}
+
+		// Load up the image for this disk if specified
+		if v, ok := d.GetOk(prefix + ".image"); ok {
+			imageName := v.(string)
+			image, err := readImage(config, imageName)
+			if err != nil {
+				return fmt.Errorf(
+					"Error loading image '%s': %s",
+					imageName, err)
+			}
+
+			sourceLink = image.SelfLink
+		}
+
+		// Build the disk
+		var disk compute.AttachedDisk
+		disk.Type = "PERSISTENT"
+		disk.Mode = "READ_WRITE"
+		disk.Boot = i == 0
+		disk.AutoDelete = true
+		disk.InitializeParams = &compute.AttachedDiskInitializeParams{
+			SourceImage: sourceLink,
+		}
+
+		disks = append(disks, &disk)
+	}
+
+	// Build up the list of networks
+	networksCount := d.Get("network.#").(int)
+	networks := make([]*compute.NetworkInterface, 0, networksCount)
+	for i := 0; i < networksCount; i++ {
+		prefix := fmt.Sprintf("network.%d", i)
+		// Load up the name of this network
+		networkName := d.Get(prefix + ".source").(string)
+		network, err := config.clientCompute.Networks.Get(
+			config.Project, networkName).Do()
+		if err != nil {
+			return fmt.Errorf(
+				"Error loading network '%s': %s",
+				networkName, err)
+		}
+
+		// Build the disk
+		var iface compute.NetworkInterface
+		iface.AccessConfigs = []*compute.AccessConfig{
+			&compute.AccessConfig{
+				Type:  "ONE_TO_ONE_NAT",
+				NatIP: d.Get(prefix + ".address").(string),
+			},
+		}
+		iface.Network = network.SelfLink
+
+		networks = append(networks, &iface)
+	}
+
+	// Create the instance information
+	instance := compute.Instance{
+		Description:       d.Get("description").(string),
+		Disks:             disks,
+		MachineType:       machineType.SelfLink,
+		Metadata:          resourceInstanceMetadata(d),
+		Name:              d.Get("name").(string),
+		NetworkInterfaces: networks,
+		Tags:              resourceInstanceTags(d),
+		/*
+			ServiceAccounts: []*compute.ServiceAccount{
+				&compute.ServiceAccount{
+					Email: "default",
+					Scopes: []string{
+						"https://www.googleapis.com/auth/userinfo.email",
+						"https://www.googleapis.com/auth/compute",
+						"https://www.googleapis.com/auth/devstorage.full_control",
+					},
+				},
+			},
+		*/
+	}
+
+	log.Printf("[INFO] Requesting instance creation")
+	op, err := config.clientCompute.Instances.Insert(
+		config.Project, zone.Name, &instance).Do()
+	if err != nil {
+		return fmt.Errorf("Error creating instance: %s", err)
+	}
+
+	// Store the ID now
+	d.SetId(instance.Name)
+
+	// Wait for the operation to complete
+	w := &OperationWaiter{
+		Service: config.clientCompute,
+		Op:      op,
+		Project: config.Project,
+		Zone:    zone.Name,
+		Type:    OperationWaitZone,
+	}
+	state := w.Conf()
+	state.Delay = 10 * time.Second
+	state.Timeout = 10 * time.Minute
+	state.MinTimeout = 2 * time.Second
+	opRaw, err := state.WaitForState()
+	if err != nil {
+		return fmt.Errorf("Error waiting for instance to create: %s", err)
+	}
+	op = opRaw.(*compute.Operation)
+	if op.Error != nil {
+		// The resource didn't actually create
+		d.SetId("")
+
+		// Return the error
+		return OperationError(*op.Error)
+	}
+
+	return resourceComputeInstanceRead(d, meta)
+}
+
+func resourceComputeInstanceRead(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*Config)
+
+	instance, err := config.clientCompute.Instances.Get(
+		config.Project, d.Get("zone").(string), d.Id()).Do()
+	if err != nil {
+		if gerr, ok := err.(*googleapi.Error); ok && gerr.Code == 404 {
+			// The resource doesn't exist anymore
+			d.SetId("")
+
+			return nil
+		}
+
+		return fmt.Errorf("Error reading instance: %s", err)
+	}
+
+	// Set the networks
+	for i, iface := range instance.NetworkInterfaces {
+		prefix := fmt.Sprintf("network.%d", i)
+		d.Set(prefix+".name", iface.Name)
+		d.Set(prefix+".internal_address", iface.NetworkIP)
+	}
+
+	// Set the metadata fingerprint if there is one.
+	if instance.Metadata != nil {
+		d.Set("metadata_fingerprint", instance.Metadata.Fingerprint)
+	}
+
+	// Set the tags fingerprint if there is one.
+	if instance.Tags != nil {
+		d.Set("tags_fingerprint", instance.Tags.Fingerprint)
+	}
+
+	return nil
+}
+
+func resourceComputeInstanceUpdate(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*Config)
+
+	// If the Metadata has changed, then update that.
+	if d.HasChange("metadata") {
+		metadata := resourceInstanceMetadata(d)
+		op, err := config.clientCompute.Instances.SetMetadata(
+			config.Project, d.Get("zone").(string), d.Id(), metadata).Do()
+		if err != nil {
+			return fmt.Errorf("Error updating metadata: %s", err)
+		}
+
+		w := &OperationWaiter{
+			Service: config.clientCompute,
+			Op:      op,
+			Project: config.Project,
+			Zone:    d.Get("zone").(string),
+			Type:    OperationWaitZone,
+		}
+		state := w.Conf()
+		state.Delay = 1 * time.Second
+		state.Timeout = 5 * time.Minute
+		state.MinTimeout = 2 * time.Second
+		opRaw, err := state.WaitForState()
+		if err != nil {
+			return fmt.Errorf("Error waiting for metadata to update: %s", err)
+		}
+		op = opRaw.(*compute.Operation)
+		if op.Error != nil {
+			// Return the error
+			return OperationError(*op.Error)
+		}
+	}
+
+	if d.HasChange("tags") {
+		tags := resourceInstanceTags(d)
+		op, err := config.clientCompute.Instances.SetTags(
+			config.Project, d.Get("zone").(string), d.Id(), tags).Do()
+		if err != nil {
+			return fmt.Errorf("Error updating tags: %s", err)
+		}
+
+		w := &OperationWaiter{
+			Service: config.clientCompute,
+			Op:      op,
+			Project: config.Project,
+			Zone:    d.Get("zone").(string),
+			Type:    OperationWaitZone,
+		}
+		state := w.Conf()
+		state.Delay = 1 * time.Second
+		state.Timeout = 5 * time.Minute
+		state.MinTimeout = 2 * time.Second
+		opRaw, err := state.WaitForState()
+		if err != nil {
+			return fmt.Errorf("Error waiting for tags to update: %s", err)
+		}
+		op = opRaw.(*compute.Operation)
+		if op.Error != nil {
+			// Return the error
+			return OperationError(*op.Error)
+		}
+	}
+
+	return resourceComputeInstanceRead(d, meta)
+}
+
+func resourceComputeInstanceDelete(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*Config)
+
+	op, err := config.clientCompute.Instances.Delete(
+		config.Project, d.Get("zone").(string), d.Id()).Do()
+	if err != nil {
+		return fmt.Errorf("Error deleting instance: %s", err)
+	}
+
+	// Wait for the operation to complete
+	w := &OperationWaiter{
+		Service: config.clientCompute,
+		Op:      op,
+		Project: config.Project,
+		Zone:    d.Get("zone").(string),
+		Type:    OperationWaitZone,
+	}
+	state := w.Conf()
+	state.Delay = 5 * time.Second
+	state.Timeout = 5 * time.Minute
+	state.MinTimeout = 2 * time.Second
+	opRaw, err := state.WaitForState()
+	if err != nil {
+		return fmt.Errorf("Error waiting for instance to delete: %s", err)
+	}
+	op = opRaw.(*compute.Operation)
+	if op.Error != nil {
+		// Return the error
+		return OperationError(*op.Error)
+	}
+
+	d.SetId("")
+	return nil
+}
+
+func resourceInstanceMetadata(d *schema.ResourceData) *compute.Metadata {
+	var metadata *compute.Metadata
+	if v := d.Get("metadata").([]interface{}); len(v) > 0 {
+		m := new(compute.Metadata)
+		m.Items = make([]*compute.MetadataItems, 0, len(v))
+		for _, v := range v {
+			for k, v := range v.(map[string]interface{}) {
+				m.Items = append(m.Items, &compute.MetadataItems{
+					Key:   k,
+					Value: v.(string),
+				})
+			}
+		}
+
+		// Set the fingerprint. If the metadata has never been set before
+		// then this will just be blank.
+		m.Fingerprint = d.Get("metadata_fingerprint").(string)
+
+		metadata = m
+	}
+
+	return metadata
+}
+
+func resourceInstanceTags(d *schema.ResourceData) *compute.Tags {
+	// Calculate the tags
+	var tags *compute.Tags
+	if v := d.Get("tags"); v != nil {
+		vs := v.(*schema.Set).List()
+		tags = new(compute.Tags)
+		tags.Items = make([]string, len(vs))
+		for i, v := range v.(*schema.Set).List() {
+			tags.Items[i] = v.(string)
+		}
+
+		tags.Fingerprint = d.Get("tags_fingerprint").(string)
+	}
+
+	return tags
+}
--- a/builtin/providers/google/resource_compute_instance_test.go
+++ b/builtin/providers/google/resource_compute_instance_test.go
@ -0,0 +1,246 @@
+package google
+
+import (
+	"fmt"
+	"testing"
+
+	"code.google.com/p/google-api-go-client/compute/v1"
+	"github.com/hashicorp/terraform/helper/resource"
+	"github.com/hashicorp/terraform/terraform"
+)
+
+func TestAccComputeInstance_basic(t *testing.T) {
+	var instance compute.Instance
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckComputeInstanceDestroy,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testAccComputeInstance_basic,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckComputeInstanceExists(
+						"google_compute_instance.foobar", &instance),
+					testAccCheckComputeInstanceTag(&instance, "foo"),
+					testAccCheckComputeInstanceMetadata(&instance, "foo", "bar"),
+				),
+			},
+		},
+	})
+}
+
+func TestAccComputeInstance_IP(t *testing.T) {
+	var instance compute.Instance
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckComputeInstanceDestroy,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testAccComputeInstance_ip,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckComputeInstanceExists(
+						"google_compute_instance.foobar", &instance),
+					testAccCheckComputeInstanceNetwork(&instance),
+				),
+			},
+		},
+	})
+}
+
+func TestAccComputeInstance_update(t *testing.T) {
+	var instance compute.Instance
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckComputeInstanceDestroy,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testAccComputeInstance_basic,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckComputeInstanceExists(
+						"google_compute_instance.foobar", &instance),
+				),
+			},
+			resource.TestStep{
+				Config: testAccComputeInstance_update,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckComputeInstanceExists(
+						"google_compute_instance.foobar", &instance),
+					testAccCheckComputeInstanceMetadata(
+						&instance, "bar", "baz"),
+					testAccCheckComputeInstanceTag(&instance, "baz"),
+				),
+			},
+		},
+	})
+}
+
+func testAccCheckComputeInstanceDestroy(s *terraform.State) error {
+	config := testAccProvider.Meta().(*Config)
+
+	for _, rs := range s.Resources {
+		if rs.Type != "google_compute_instance" {
+			continue
+		}
+
+		_, err := config.clientCompute.Instances.Get(
+			config.Project, rs.Attributes["zone"], rs.ID).Do()
+		if err == nil {
+			return fmt.Errorf("Instance still exists")
+		}
+	}
+
+	return nil
+}
+
+func testAccCheckComputeInstanceExists(n string, instance *compute.Instance) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		rs, ok := s.Resources[n]
+		if !ok {
+			return fmt.Errorf("Not found: %s", n)
+		}
+
+		if rs.ID == "" {
+			return fmt.Errorf("No ID is set")
+		}
+
+		config := testAccProvider.Meta().(*Config)
+
+		found, err := config.clientCompute.Instances.Get(
+			config.Project, rs.Attributes["zone"], rs.ID).Do()
+		if err != nil {
+			return err
+		}
+
+		if found.Name != rs.ID {
+			return fmt.Errorf("Instance not found")
+		}
+
+		*instance = *found
+
+		return nil
+	}
+}
+
+func testAccCheckComputeInstanceMetadata(
+	instance *compute.Instance,
+	k string, v string) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		if instance.Metadata == nil {
+			return fmt.Errorf("no metadata")
+		}
+
+		for _, item := range instance.Metadata.Items {
+			if k != item.Key {
+				continue
+			}
+
+			if v == item.Value {
+				return nil
+			}
+
+			return fmt.Errorf("bad value for %s: %s", k, item.Value)
+		}
+
+		return fmt.Errorf("metadata not found: %s", k)
+	}
+}
+
+func testAccCheckComputeInstanceNetwork(instance *compute.Instance) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		for _, i := range instance.NetworkInterfaces {
+			for _, c := range i.AccessConfigs {
+				if c.NatIP == "" {
+					return fmt.Errorf("no NAT IP")
+				}
+			}
+		}
+
+		return nil
+	}
+}
+
+func testAccCheckComputeInstanceTag(instance *compute.Instance, n string) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		if instance.Tags == nil {
+			return fmt.Errorf("no tags")
+		}
+
+		for _, k := range instance.Tags.Items {
+			if k == n {
+				return nil
+			}
+		}
+
+		return fmt.Errorf("tag not found: %s", n)
+	}
+}
+
+const testAccComputeInstance_basic = `
+resource "google_compute_instance" "foobar" {
+	name = "terraform-test"
+	machine_type = "n1-standard-1"
+	zone = "us-central1-a"
+	tags = ["foo", "bar"]
+
+	disk {
+		image = "debian-7-wheezy-v20140814"
+	}
+
+	network {
+		source = "default"
+	}
+
+	metadata {
+		foo = "bar"
+	}
+}`
+
+const testAccComputeInstance_update = `
+resource "google_compute_instance" "foobar" {
+	name = "terraform-test"
+	machine_type = "n1-standard-1"
+	zone = "us-central1-a"
+	tags = ["baz"]
+
+	disk {
+		image = "debian-7-wheezy-v20140814"
+	}
+
+	network {
+		source = "default"
+	}
+
+	metadata {
+		bar = "baz"
+	}
+}`
+
+const testAccComputeInstance_ip = `
+resource "google_compute_address" "foo" {
+	name = "foo"
+}
+
+resource "google_compute_instance" "foobar" {
+	name = "terraform-test"
+	machine_type = "n1-standard-1"
+	zone = "us-central1-a"
+	tags = ["foo", "bar"]
+
+	disk {
+		image = "debian-7-wheezy-v20140814"
+	}
+
+	network {
+		source = "default"
+		address = "${google_compute_address.foo.address}"
+	}
+
+	metadata {
+		foo = "bar"
+	}
+}`
--- a/builtin/providers/google/resource_compute_network.go
+++ b/builtin/providers/google/resource_compute_network.go
@ -0,0 +1,137 @@
+package google
+
+import (
+	"fmt"
+	"log"
+	"time"
+
+	"code.google.com/p/google-api-go-client/compute/v1"
+	"code.google.com/p/google-api-go-client/googleapi"
+	"github.com/hashicorp/terraform/helper/schema"
+)
+
+func resourceComputeNetwork() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceComputeNetworkCreate,
+		Read:   resourceComputeNetworkRead,
+		Delete: resourceComputeNetworkDelete,
+
+		Schema: map[string]*schema.Schema{
+			"name": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+
+			"ipv4_range": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+
+			"gateway_ipv4": &schema.Schema{
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+		},
+	}
+}
+
+func resourceComputeNetworkCreate(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*Config)
+
+	// Build the network parameter
+	network := &compute.Network{
+		Name:      d.Get("name").(string),
+		IPv4Range: d.Get("ipv4_range").(string),
+	}
+	log.Printf("[DEBUG] Network insert request: %#v", network)
+	op, err := config.clientCompute.Networks.Insert(
+		config.Project, network).Do()
+	if err != nil {
+		return fmt.Errorf("Error creating network: %s", err)
+	}
+
+	// It probably maybe worked, so store the ID now
+	d.SetId(network.Name)
+
+	// Wait for the operation to complete
+	w := &OperationWaiter{
+		Service: config.clientCompute,
+		Op:      op,
+		Project: config.Project,
+		Type:    OperationWaitGlobal,
+	}
+	state := w.Conf()
+	state.Timeout = 2 * time.Minute
+	state.MinTimeout = 1 * time.Second
+	opRaw, err := state.WaitForState()
+	if err != nil {
+		return fmt.Errorf("Error waiting for network to create: %s", err)
+	}
+	op = opRaw.(*compute.Operation)
+	if op.Error != nil {
+		// The resource didn't actually create
+		d.SetId("")
+
+		// Return the error
+		return OperationError(*op.Error)
+	}
+
+	return resourceComputeNetworkRead(d, meta)
+}
+
+func resourceComputeNetworkRead(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*Config)
+
+	network, err := config.clientCompute.Networks.Get(
+		config.Project, d.Id()).Do()
+	if err != nil {
+		if gerr, ok := err.(*googleapi.Error); ok && gerr.Code == 404 {
+			// The resource doesn't exist anymore
+			d.SetId("")
+
+			return nil
+		}
+
+		return fmt.Errorf("Error reading network: %s", err)
+	}
+
+	d.Set("gateway_ipv4", network.GatewayIPv4)
+
+	return nil
+}
+
+func resourceComputeNetworkDelete(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*Config)
+
+	// Delete the network
+	op, err := config.clientCompute.Networks.Delete(
+		config.Project, d.Id()).Do()
+	if err != nil {
+		return fmt.Errorf("Error deleting network: %s", err)
+	}
+
+	// Wait for the operation to complete
+	w := &OperationWaiter{
+		Service: config.clientCompute,
+		Op:      op,
+		Project: config.Project,
+		Type:    OperationWaitGlobal,
+	}
+	state := w.Conf()
+	state.Timeout = 2 * time.Minute
+	state.MinTimeout = 1 * time.Second
+	opRaw, err := state.WaitForState()
+	if err != nil {
+		return fmt.Errorf("Error waiting for network to delete: %s", err)
+	}
+	op = opRaw.(*compute.Operation)
+	if op.Error != nil {
+		// Return the error
+		return OperationError(*op.Error)
+	}
+
+	d.SetId("")
+	return nil
+}
--- a/builtin/providers/google/resource_compute_network_test.go
+++ b/builtin/providers/google/resource_compute_network_test.go
@ -0,0 +1,82 @@
+package google
+
+import (
+	"fmt"
+	"testing"
+
+	"code.google.com/p/google-api-go-client/compute/v1"
+	"github.com/hashicorp/terraform/helper/resource"
+	"github.com/hashicorp/terraform/terraform"
+)
+
+func TestAccComputeNetwork_basic(t *testing.T) {
+	var network compute.Network
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckComputeNetworkDestroy,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testAccComputeNetwork_basic,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckComputeNetworkExists(
+						"google_compute_network.foobar", &network),
+				),
+			},
+		},
+	})
+}
+
+func testAccCheckComputeNetworkDestroy(s *terraform.State) error {
+	config := testAccProvider.Meta().(*Config)
+
+	for _, rs := range s.Resources {
+		if rs.Type != "google_compute_network" {
+			continue
+		}
+
+		_, err := config.clientCompute.Networks.Get(
+			config.Project, rs.ID).Do()
+		if err == nil {
+			return fmt.Errorf("Network still exists")
+		}
+	}
+
+	return nil
+}
+
+func testAccCheckComputeNetworkExists(n string, network *compute.Network) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		rs, ok := s.Resources[n]
+		if !ok {
+			return fmt.Errorf("Not found: %s", n)
+		}
+
+		if rs.ID == "" {
+			return fmt.Errorf("No ID is set")
+		}
+
+		config := testAccProvider.Meta().(*Config)
+
+		found, err := config.clientCompute.Networks.Get(
+			config.Project, rs.ID).Do()
+		if err != nil {
+			return err
+		}
+
+		if found.Name != rs.ID {
+			return fmt.Errorf("Network not found")
+		}
+
+		*network = *found
+
+		return nil
+	}
+}
+
+const testAccComputeNetwork_basic = `
+resource "google_compute_network" "foobar" {
+	name = "terraform-test"
+	ipv4_range = "10.0.0.0/16"
+}`
--- a/builtin/providers/google/resource_compute_route.go
+++ b/builtin/providers/google/resource_compute_route.go
@ -0,0 +1,234 @@
+package google
+
+import (
+	"fmt"
+	"log"
+	"time"
+
+	"code.google.com/p/google-api-go-client/compute/v1"
+	"code.google.com/p/google-api-go-client/googleapi"
+	"github.com/hashicorp/terraform/helper/hashcode"
+	"github.com/hashicorp/terraform/helper/schema"
+)
+
+func resourceComputeRoute() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceComputeRouteCreate,
+		Read:   resourceComputeRouteRead,
+		Delete: resourceComputeRouteDelete,
+
+		Schema: map[string]*schema.Schema{
+			"name": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+
+			"dest_range": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+
+			"network": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+
+			"next_hop_ip": &schema.Schema{
+				Type:     schema.TypeString,
+				Optional: true,
+				ForceNew: true,
+			},
+
+			"next_hop_instance": &schema.Schema{
+				Type:     schema.TypeString,
+				Optional: true,
+				ForceNew: true,
+			},
+
+			"next_hop_instance_zone": &schema.Schema{
+				Type:     schema.TypeString,
+				Optional: true,
+				ForceNew: true,
+			},
+
+			"next_hop_gateway": &schema.Schema{
+				Type:     schema.TypeString,
+				Optional: true,
+				ForceNew: true,
+			},
+
+			"next_hop_network": &schema.Schema{
+				Type:     schema.TypeString,
+				Optional: true,
+				ForceNew: true,
+			},
+
+			"priority": &schema.Schema{
+				Type:     schema.TypeInt,
+				Required: true,
+				ForceNew: true,
+			},
+
+			"tags": &schema.Schema{
+				Type:     schema.TypeSet,
+				Optional: true,
+				Elem:     &schema.Schema{Type: schema.TypeString},
+				Set: func(v interface{}) int {
+					return hashcode.String(v.(string))
+				},
+			},
+		},
+	}
+}
+
+func resourceComputeRouteCreate(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*Config)
+
+	// Look up the network to attach the route to
+	network, err := config.clientCompute.Networks.Get(
+		config.Project, d.Get("network").(string)).Do()
+	if err != nil {
+		return fmt.Errorf("Error reading network: %s", err)
+	}
+
+	// Next hop data
+	var nextHopInstance, nextHopIp, nextHopNetwork, nextHopGateway string
+	if v, ok := d.GetOk("next_hop_ip"); ok {
+		nextHopIp = v.(string)
+	}
+	if v, ok := d.GetOk("next_hop_gateway"); ok {
+		nextHopGateway = v.(string)
+	}
+	if v, ok := d.GetOk("next_hop_instance"); ok {
+		nextInstance, err := config.clientCompute.Instances.Get(
+			config.Project,
+			d.Get("next_hop_instance_zone").(string),
+			v.(string)).Do()
+		if err != nil {
+			return fmt.Errorf("Error reading instance: %s", err)
+		}
+
+		nextHopInstance = nextInstance.SelfLink
+	}
+	if v, ok := d.GetOk("next_hop_network"); ok {
+		nextNetwork, err := config.clientCompute.Networks.Get(
+			config.Project, v.(string)).Do()
+		if err != nil {
+			return fmt.Errorf("Error reading network: %s", err)
+		}
+
+		nextHopNetwork = nextNetwork.SelfLink
+	}
+
+	// Tags
+	var tags []string
+	if v := d.Get("tags").(*schema.Set); v.Len() > 0 {
+		tags = make([]string, v.Len())
+		for i, v := range v.List() {
+			tags[i] = v.(string)
+		}
+	}
+
+	// Build the route parameter
+	route := &compute.Route{
+		Name:            d.Get("name").(string),
+		DestRange:       d.Get("dest_range").(string),
+		Network:         network.SelfLink,
+		NextHopInstance: nextHopInstance,
+		NextHopIp:       nextHopIp,
+		NextHopNetwork:  nextHopNetwork,
+		NextHopGateway:  nextHopGateway,
+		Priority:        int64(d.Get("priority").(int)),
+		Tags:            tags,
+	}
+	log.Printf("[DEBUG] Route insert request: %#v", route)
+	op, err := config.clientCompute.Routes.Insert(
+		config.Project, route).Do()
+	if err != nil {
+		return fmt.Errorf("Error creating route: %s", err)
+	}
+
+	// It probably maybe worked, so store the ID now
+	d.SetId(route.Name)
+
+	// Wait for the operation to complete
+	w := &OperationWaiter{
+		Service: config.clientCompute,
+		Op:      op,
+		Project: config.Project,
+		Type:    OperationWaitGlobal,
+	}
+	state := w.Conf()
+	state.Timeout = 2 * time.Minute
+	state.MinTimeout = 1 * time.Second
+	opRaw, err := state.WaitForState()
+	if err != nil {
+		return fmt.Errorf("Error waiting for route to create: %s", err)
+	}
+	op = opRaw.(*compute.Operation)
+	if op.Error != nil {
+		// The resource didn't actually create
+		d.SetId("")
+
+		// Return the error
+		return OperationError(*op.Error)
+	}
+
+	return resourceComputeRouteRead(d, meta)
+}
+
+func resourceComputeRouteRead(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*Config)
+
+	_, err := config.clientCompute.Routes.Get(
+		config.Project, d.Id()).Do()
+	if err != nil {
+		if gerr, ok := err.(*googleapi.Error); ok && gerr.Code == 404 {
+			// The resource doesn't exist anymore
+			d.SetId("")
+
+			return nil
+		}
+
+		return fmt.Errorf("Error reading route: %#v", err)
+	}
+
+	return nil
+}
+
+func resourceComputeRouteDelete(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*Config)
+
+	// Delete the route
+	op, err := config.clientCompute.Routes.Delete(
+		config.Project, d.Id()).Do()
+	if err != nil {
+		return fmt.Errorf("Error deleting route: %s", err)
+	}
+
+	// Wait for the operation to complete
+	w := &OperationWaiter{
+		Service: config.clientCompute,
+		Op:      op,
+		Project: config.Project,
+		Type:    OperationWaitGlobal,
+	}
+	state := w.Conf()
+	state.Timeout = 2 * time.Minute
+	state.MinTimeout = 1 * time.Second
+	opRaw, err := state.WaitForState()
+	if err != nil {
+		return fmt.Errorf("Error waiting for route to delete: %s", err)
+	}
+	op = opRaw.(*compute.Operation)
+	if op.Error != nil {
+		// Return the error
+		return OperationError(*op.Error)
+	}
+
+	d.SetId("")
+	return nil
+}
--- a/builtin/providers/google/resource_compute_route_test.go
+++ b/builtin/providers/google/resource_compute_route_test.go
@ -0,0 +1,90 @@
+package google
+
+import (
+	"fmt"
+	"testing"
+
+	"code.google.com/p/google-api-go-client/compute/v1"
+	"github.com/hashicorp/terraform/helper/resource"
+	"github.com/hashicorp/terraform/terraform"
+)
+
+func TestAccComputeRoute_basic(t *testing.T) {
+	var route compute.Route
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckComputeRouteDestroy,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testAccComputeRoute_basic,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckComputeRouteExists(
+						"google_compute_route.foobar", &route),
+				),
+			},
+		},
+	})
+}
+
+func testAccCheckComputeRouteDestroy(s *terraform.State) error {
+	config := testAccProvider.Meta().(*Config)
+
+	for _, rs := range s.Resources {
+		if rs.Type != "google_compute_route" {
+			continue
+		}
+
+		_, err := config.clientCompute.Routes.Get(
+			config.Project, rs.ID).Do()
+		if err == nil {
+			return fmt.Errorf("Route still exists")
+		}
+	}
+
+	return nil
+}
+
+func testAccCheckComputeRouteExists(n string, route *compute.Route) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		rs, ok := s.Resources[n]
+		if !ok {
+			return fmt.Errorf("Not found: %s", n)
+		}
+
+		if rs.ID == "" {
+			return fmt.Errorf("No ID is set")
+		}
+
+		config := testAccProvider.Meta().(*Config)
+
+		found, err := config.clientCompute.Routes.Get(
+			config.Project, rs.ID).Do()
+		if err != nil {
+			return err
+		}
+
+		if found.Name != rs.ID {
+			return fmt.Errorf("Route not found")
+		}
+
+		*route = *found
+
+		return nil
+	}
+}
+
+const testAccComputeRoute_basic = `
+resource "google_compute_network" "foobar" {
+	name = "terraform-test"
+	ipv4_range = "10.0.0.0/16"
+}
+
+resource "google_compute_route" "foobar" {
+	name = "terraform-test"
+	dest_range = "15.0.0.0/24"
+	network = "${google_compute_network.foobar.name}"
+	next_hop_ip = "10.0.1.5"
+	priority = 100
+}`
--- a/builtin/providers/google/test-fixtures/fake_account.json
+++ b/builtin/providers/google/test-fixtures/fake_account.json
@ -0,0 +1,7 @@
+{
+    "private_key_id": "foo",
+    "private_key": "bar",
+    "client_email": "foo@bar.com",
+    "client_id": "id@foo.com",
+    "type": "service_account"
+}
--- a/builtin/providers/google/test-fixtures/fake_client.json
+++ b/builtin/providers/google/test-fixtures/fake_client.json
@ -0,0 +1,11 @@
+{
+    "web": {
+        "auth_uri": "https://accounts.google.com/o/oauth2/auth",
+        "client_secret": "foo",
+        "token_uri": "https://accounts.google.com/o/oauth2/token",
+        "client_email": "foo@developer.gserviceaccount.com",
+        "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/foo@developer.gserviceaccount.com",
+        "client_id": "foo.apps.googleusercontent.com",
+        "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs"
+    }
+}
--- a/website/source/docs/providers/google/index.html.markdown
+++ b/website/source/docs/providers/google/index.html.markdown
@ -0,0 +1,68 @@
+---
+layout: "google"
+page_title: "Provider: Google Cloud"
+sidebar_current: "docs-google-index"
+---
+
+# Google Cloud Provider
+
+The Google Cloud provider is used to interact with
+[Google Cloud services](https://cloud.google.com/). The provider needs
+to be configured with the proper credentials before it can be used.
+
+Use the navigation to the left to read about the available resources.
+
+## Example Usage
+
+```
+# Configure the Google Cloud provider
+provider "google" {
+    account_file = "account.json"
+    client_secrets_file = "client_secrets.json"
+    project = "my-gce-project"
+    region = "us-central1"
+}
+
+# Create a new instance
+resource "google_compute_instance" "default" {
+    ...
+}
+```
+
+## Configuration Reference
+
+The following keys can be used to configure the provider.
+
+* `account_file` - (Required) Path to the JSON file used to describe
+  your account credentials, downloaded from Google Cloud Console. More
+  details on retrieving this file are below.
+
+* `client_secrets_file` - (Required) Path to the JSON file containing
+  the secrets for your account, downloaded from Google Cloud Console.
+  More details on retrieving this file are below.
+
+* `project` - (Required) The name of the project to apply any resources to.
+
+* `region` - (Required) The region to operate under.
+
+## Authentication JSON Files
+
+Authenticating with Google Cloud services requires two separate JSON
+files: one which we call the _account file_ and the _client secrets file_.
+
+Both of these files are downloaded directly from the
+[Google Developers Console](https://console.developers.google.com). To make
+the process more straightforwarded, it is documented here.
+
+1. Log into the [Google Developers Console](https://console.developers.google.com)
+   and select a project.
+
+2. Under the "APIs & Auth" section, click "Credentials."
+
+3. Click the "Download JSON" button under the "Compute Engine and App Engine"
+   account in the OAuth section. The file should start with "client\_secrets".
+   This is your _client secrets file_.
+
+4. Create a new OAuth client ID and select "Service Account" as the type
+   of account. Once created, a JSON file should be downloaded. This is your
+   _account file_.
--- a/website/source/docs/providers/google/r/compute_address.html.markdown
+++ b/website/source/docs/providers/google/r/compute_address.html.markdown
@ -0,0 +1,31 @@
+---
+layout: "google"
+page_title: "Google: google_compute_address"
+sidebar_current: "docs-google-resource-address"
+---
+
+# google\_compute\_address
+
+Creates a static IP address resource for Google Compute Engine.
+
+## Example Usage
+
+```
+resource "google_compute_address" "default" {
+	name = "test-address"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Required) A unique name for the resource, required by GCE.
+    Changing this forces a new resource to be created.
+
+## Attributes Reference
+
+The following attributes are exported:
+
+* `name` - The name of the resource.
+* `address` - The IP address that was allocated.
--- a/website/source/docs/providers/google/r/compute_disk.html.markdown
+++ b/website/source/docs/providers/google/r/compute_disk.html.markdown
@ -0,0 +1,42 @@
+---
+layout: "google"
+page_title: "Google: google_compute_disk"
+sidebar_current: "docs-google-resource-disk"
+---
+
+# google\_compute\_disk
+
+Creates a new persistent disk within GCE, based on another disk.
+
+## Example Usage
+
+```
+resource "google_compute_disk" "default" {
+	name = "test-disk"
+	zone = "us-central1-a"
+	image = "debian7-wheezy"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Required) A unique name for the resource, required by GCE.
+    Changing this forces a new resource to be created.
+
+* `zone` - (Required) The zone where this disk will be available.
+
+* `image` - (Optional) The machine image to base this disk off of.
+
+* `size` - (Optional) The size of the image in gigabytes. If not specified,
+    it will inherit the size of its base image.
+
+## Attributes Reference
+
+The following attributes are exported:
+
+* `name` - The name of the resource.
+* `zone` - The zone where the resource is located.
+* `image` - The name of the image the disk is based off of.
+* `size` - The size of the disk in gigabytes.
--- a/website/source/docs/providers/google/r/compute_firewall.html.markdown
+++ b/website/source/docs/providers/google/r/compute_firewall.html.markdown
@ -0,0 +1,62 @@
+---
+layout: "google"
+page_title: "Google: google_compute_firewall"
+sidebar_current: "docs-google-resource-firewall"
+---
+
+# google\_compute\_firewall
+
+Manages a firewall resource within GCE.
+
+## Example Usage
+
+```
+resource "google_compute_firewall" "default" {
+	name = "test"
+	network = "${google_compute_network.other.name}"
+
+	allow {
+		protocol = "icmp"
+	}
+
+	allow {
+		protocol = "tcp"
+		ports = ["80", "8080", "1000-2000"]
+	}
+
+	source_tags = ["web"]
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Required) A unique name for the resource, required by GCE.
+    Changing this forces a new resource to be created.
+
+* `network` - (Required) The name of the network to attach this firewall to.
+
+* `allow` - (Required) Can be specified multiple times for each allow
+    rule. Each allow block supports fields documented below.
+
+* `source_ranges` - (Optional) A list of source CIDR ranges that this
+   firewall applies to.
+
+* `source_tags` - (Optional) A list of tags that this firewall applies to.
+
+The `allow` block supports:
+
+* `protocol` - (Required) The name of the protocol to allow.
+
+* `ports` - (Optional) List of ports and/or port ranges to allow. This can
+    only be specified if the protocol is TCP or UDP.
+
+## Attributes Reference
+
+The following attributes are exported:
+
+* `name` - The name of the resource.
+* `network` - The network that this resource is attached to.
+* `source_ranges` - The CIDR block ranges this firewall applies to.
+* `source_tags` - The tags that this firewall applies to.
--- a/website/source/docs/providers/google/r/compute_instance.html.markdown
+++ b/website/source/docs/providers/google/r/compute_instance.html.markdown
@ -0,0 +1,80 @@
+---
+layout: "google"
+page_title: "Google: google_compute_instance"
+sidebar_current: "docs-google-resource-instance"
+---
+
+# google\_compute\_instance
+
+Manages a VM instance resource within GCE.
+
+## Example Usage
+
+```
+resource "google_compute_instance" "default" {
+	name = "test"
+	machine_type = "n1-standard-1"
+	zone = "us-central1-a"
+	tags = ["foo", "bar"]
+
+	disk {
+		image = "debian-7-wheezy-v20140814"
+	}
+
+	network {
+		source = "default"
+	}
+
+	metadata {
+		foo = "bar"
+	}
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Required) A unique name for the resource, required by GCE.
+    Changing this forces a new resource to be created.
+
+* `description` - (Optional) A brief description of this resource.
+
+* `machine_type` - (Required) The machine type to create.
+
+* `zone` - (Required) The zone that the machine should be created in.
+
+* `disk` - (Required) Disks to attach to the instance. This can be specified
+    multiple times for multiple disks. Structure is documented below.
+
+* `metadata` - (Optional) Metadata key/value pairs to make available from
+    within the instance.
+
+* `network` - (Required) Networks to attach to the instance. This can be
+    specified multiple times for multiple networks. Structure is documented
+    below.
+
+* `tags` - (Optional) Tags to attach to the instance.
+
+The `disk` block supports:
+
+* `disk` - (Required if image not set) The name of the disk (such as
+     those managed by `google_compute_disk`) to attach.
+
+* `image` - (Required if disk not set) The name of the image to base
+    this disk off of.
+
+The `network` block supports:
+
+* `source` - (Required) The name of the network to attach this interface to.
+
+* `address` - (Optional) The IP address of a reserved IP address to assign
+     to this interface.
+
+## Attributes Reference
+
+The following attributes are exported:
+
+* `name` - The name of the resource.
+* `machine_type` - The type of machine.
+* `zone` - The zone the machine lives in.
--- a/website/source/docs/providers/google/r/compute_network.html.markdown
+++ b/website/source/docs/providers/google/r/compute_network.html.markdown
@ -0,0 +1,36 @@
+---
+layout: "google"
+page_title: "Google: google_compute_network"
+sidebar_current: "docs-google-resource-network"
+---
+
+# google\_compute\_network
+
+Manages a network within GCE.
+
+## Example Usage
+
+```
+resource "google_compute_network" "default" {
+	name = "test"
+	ipv4_range = "10.0.0.0/16"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Required) A unique name for the resource, required by GCE.
+    Changing this forces a new resource to be created.
+
+* `ipv4_range` - (Required) The IPv4 address range that machines in this
+     network are assigned to, represented as a CIDR block.
+
+## Attributes Reference
+
+The following attributes are exported:
+
+* `name` - The name of the resource.
+* `ipv4_range` - The CIDR block of this network.
+* `gateway_ipv4` - The IPv4 address of the gateway.
--- a/website/source/docs/providers/google/r/compute_route.html.markdown
+++ b/website/source/docs/providers/google/r/compute_route.html.markdown
@ -0,0 +1,72 @@
+---
+layout: "google"
+page_title: "Google: google_compute_route"
+sidebar_current: "docs-google-resource-route"
+---
+
+# google\_compute\_route
+
+Manages a network route within GCE.
+
+## Example Usage
+
+```
+resource "google_compute_network" "foobar" {
+	name = "test"
+	ipv4_range = "10.0.0.0/16"
+}
+
+resource "google_compute_route" "foobar" {
+	name = "test"
+	dest_range = "15.0.0.0/24"
+	network = "${google_compute_network.foobar.name}"
+	next_hop_ip = "10.0.1.5"
+	priority = 100
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Required) A unique name for the resource, required by GCE.
+    Changing this forces a new resource to be created.
+
+* `dest_range` - (Required) The destination IPv4 address range that this
+     route applies to.
+
+* `network` - (Required) The name of the network to attach this route to.
+
+* `next_hop_ip` - (Optional) The IP address of the next hop if this route
+    is matched.
+
+* `next_hop_instance` - (Optional) The name of the VM instance to route to
+    if this route is matched.
+
+* `next_hop_instance_zone` - (Optional) The zone of the instance specified
+    in `next_hop_instance`.
+
+* `next_hop_gateway` - (Optional) The name of the internet gateway to route
+    to if this route is matched.
+
+* `next_hop_network` - (Optional) The name of the network to route to if this
+    route is matched.
+
+* `priority` - (Required) The priority of this route, used to break ties.
+
+* `tags` - (Optional) The tags that this route applies to.
+
+## Attributes Reference
+
+The following attributes are exported:
+
+* `name` - The name of the resource.
+* `dest_range` - The detination CIDR block of this route.
+* `network` - The name of the network of this route.
+* `next_hop_ip` - The IP address of the next hop, if available.
+* `next_hop_instance` - The name of the instance of the next hop, if available.
+* `next_hop_instance_zone` - The zone of the next hop instance, if available.
+* `next_hop_gateway` - The name of the next hop gateway, if available.
+* `next_hop_network` - The name of the next hop network, if available.
+* `priority` - The priority of this route.
+* `tags` - The tags this route applies to.
--- a/website/source/layouts/docs.erb
+++ b/website/source/layouts/docs.erb
@ -96,6 +96,10 @@
 					<a href="/docs/providers/dnsimple/index.html">DNSimple</a>
 					</li>

+					<li<%= sidebar_current("docs-providers-google") %>>
+					<a href="/docs/providers/google/index.html">Google Cloud</a>
+					</li>
+
 					<li<%= sidebar_current("docs-providers-heroku") %>>
 					<a href="/docs/providers/heroku/index.html">Heroku</a>
 					</li>
--- a/website/source/layouts/google.erb
+++ b/website/source/layouts/google.erb
@ -0,0 +1,46 @@
+<% wrap_layout :inner do %>
+	<% content_for :sidebar do %>
+	<div class="docs-sidebar hidden-print affix-top" role="complementary">
+	<ul class="nav docs-sidenav">
+		<li<%= sidebar_current("docs-home") %>>
+		<a href="/docs/index.html">&laquo; Documentation Home</a>
+		</li>
+
+		<li<%= sidebar_current("docs-google-index") %>>
+		<a href="/docs/providers/google/index.html">google Provider</a>
+		</li>
+
+		<li<%= sidebar_current("docs-google-resource") %>>
+		<a href="#">Resources</a>
+		<ul class="nav nav-visible">
+			<li<%= sidebar_current("docs-google-resource-address") %>>
+			<a href="/docs/providers/google/r/compute_address.html">google_compute_address</a>
+			</li>
+
+			<li<%= sidebar_current("docs-google-resource-disk") %>>
+			<a href="/docs/providers/google/r/compute_disk.html">google_compute_disk</a>
+			</li>
+
+			<li<%= sidebar_current("docs-google-resource-firewall") %>>
+			<a href="/docs/providers/google/r/compute_firewall.html">google_compute_firewall</a>
+			</li>
+
+			<li<%= sidebar_current("docs-google-resource-instance") %>>
+			<a href="/docs/providers/google/r/compute_instance.html">google_compute_instance</a>
+			</li>
+
+			<li<%= sidebar_current("docs-google-resource-network") %>>
+			<a href="/docs/providers/google/r/compute_network.html">google_compute_network</a>
+			</li>
+
+			<li<%= sidebar_current("docs-google-resource-route") %>>
+			<a href="/docs/providers/google/r/compute_route.html">google_compute_route</a>
+			</li>
+		</ul>
+		</li>
+	</ul>
+</div>
+	<% end %>
+
+<%= yield %>
+	<% end %>
--- a/website/source/stylesheets/_docs.less
+++ b/website/source/stylesheets/_docs.less
@ -9,6 +9,7 @@ body.page-sub{
 body.layout-consul,
 body.layout-dnsimple,
 body.layout-cloudflare,
+body.layout-google,
 body.layout-heroku,
 body.layout-mailgun,
 body.layout-digitalocean,
--- a/website/source/stylesheets/main.css
+++ b/website/source/stylesheets/main.css
@ -1617,6 +1617,7 @@ body.page-sub {
 body.layout-consul,
 body.layout-dnsimple,
 body.layout-cloudflare,
+body.layout-google,
 body.layout-heroku,
 body.layout-mailgun,
 body.layout-digitalocean,
@ -1630,6 +1631,7 @@ body.layout-intro {
 body.layout-consul > .container .col-md-8[role=main],
 body.layout-dnsimple > .container .col-md-8[role=main],
 body.layout-cloudflare > .container .col-md-8[role=main],
+body.layout-google > .container .col-md-8[role=main],
 body.layout-heroku > .container .col-md-8[role=main],
 body.layout-mailgun > .container .col-md-8[role=main],
 body.layout-digitalocean > .container .col-md-8[role=main],
@ -1644,6 +1646,7 @@ body.layout-intro > .container .col-md-8[role=main] {
 body.layout-consul > .container .col-md-8[role=main] > div,
 body.layout-dnsimple > .container .col-md-8[role=main] > div,
 body.layout-cloudflare > .container .col-md-8[role=main] > div,
+body.layout-google > .container .col-md-8[role=main] > div,
 body.layout-heroku > .container .col-md-8[role=main] > div,
 body.layout-mailgun > .container .col-md-8[role=main] > div,
 body.layout-digitalocean > .container .col-md-8[role=main] > div,